Overview

The Root Image Catalog provides a secure starting point for working with container images. Instead of pulling standard "latest" images from public repositories, you can use Root-curated versions that reduce vulnerabilities and offer continuously improved security baselines.

Root-curated images offer:

Reduced image size
Minimized attack surface
Improved starting security posture

How To Use the Root Image Catalog

Browse or Search Images

The catalog lists common images such as python, nginx, postgres, maven, zookeeper, and more.

Click one of the images shown, or use the search bar to quickly find what you need.
Select an image tag.

Compare Image Options

Now compare image options. For each image tag you’ll see three options:

Typical “Latest” Image: Standard public version, usually with high vulnerability counts.
Root Starter Image: A hardened baseline maintained by Root, with significantly fewer vulnerabilities.
Root AVR Image: You can also run a Root AVR scan to get a remediated version with critical, high, and medium vulnerabilities minimized even further.

Python image - As opposed to the typical "Latest Image", the Root Starter Image has only 5 critical CVEs, and by running a Remediation, you can get that down to only 2.

Pull or Remediate

Now, you can:

For a Root Starter Image, copy the provided docker command and use it with your standard Docker tools to pull the image.
For an even more secure image, click Remediate this image now to generate an AVR image with the lowest possible vulnerability count. See Remediate Image.